Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
user_rights [2014-04-09 19:15] nicolasuser_rights [2024-02-10 09:52] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== Understanding User Rights ====== +====== Discontinued permissions ======
- +
-In a multi-user environment controlling what a user can do is crucial. If you are a using Feng Office as a client extranet you probably don't want one client to see the documents of another client. If you are using Feng Office as an intranet you may have certain workspaces where certain employees are not allowed to edit information, and some other workspaces which are visible to the management exclusively. +
- +
-Setting the user rights is one of the more complex tasks in Feng Office. There are properties at several places, and you have to know where to find them and how they relate to each other. This page tries to summarize all the different settings that control user rights.  +
- +
-===== Types & levels ===== +
- +
-Basically there are two types of permissions: Some apply to your Feng Office installation as a whole - we call them **system permissions**. Others can be set per workspace - we refer to them as **workspace permissions**. +
- +
-On the other hand there are separate levels for setting permissions: You may grant (or deny) certain permissions per user (**user level permissions**) or per user group (**group level permissions**). In older versions there have been **company level permissions** as well, but they are ignored since Feng Office 1.5. +
- +
-===== User level permissions ===== +
- +
-On the level of each single user you can set system permissions as well as workspace permissions. +
-==== System permissions ==== +
- +
-{{:user_level_system_permissions.png|}} +
- +
-The system permissions define whether a user: +
-  * **Can edit company data:** If this permission is set the user will be able to edit the Owner Company's data in the Administration panel. This option is available for administrators only. +
-  * **Can manage security:** If this permission is set the user will be able to edit other users' permissions in the Administration panel. This option is available for administrators only. +
-  * **Can manage workspaces:** If this permission is set the user will be able to add, edit and delete Workspaces. +
-  * **Can manage configuration** If this permission is set the user will be able to edit system configuration in the Administration panel. This option is available for administrators only. +
-  * **Can manage all contacts:** If this permission is set the user will be able to edit all Contacts in the system. If it is not set, the user will only be able to see the contacts of the workspaces over which he has per-workspace permissions. +
-  * **Can manage templates:** If this permission is set the user will be able to add, edit and delete Templates in the Administration panel. This option is available for administrators only. +
-  * **Can manage reports:** If this permission is set the user will be able to add, edit and delete Reports in the Reporting tab. +
-  * **Can manage time:** If this permission is set the user will be able to work in the Time module and add time slots to tasks. +
-  * **Can add mail accounts:** If this permission is set, the user will be able to add e-mail accounts. +
- +
-==== Workspace permissions ==== +
- +
-{{:permissions_workspace2.jpg|}} +
- +
-Workspace permissions can be set by checking the checkboxes for the respective workspaces, which gives the user full access to that workspace. +
- +
-You can also edit permissions for a workspace from the Workspace's edit view. Here you can select which users will have access to the workspace. This permissions are the same as the ones defined on the user's view. +
- +
-{{:permissions_workspace.jpg|}} +
- +
-If you want to control workspace permissions in detail, click on the name of that workspace to bring up the workspace permission details. There you can define for each object type if a user is able to read and write it, to read it only, or not see it at all. +
- +
-There are two more checkboxes to control how a user can assign tasks to other users. If you activate the first one, this user can assign tasks to users of the owner company; if you activate the second one, this user can assign tasks to users of other client companies. If you don't check any of the two, this user can assign tasks only to users of his own company. +
- +
-===== Group level permissions ===== +
- +
-Groups (or roles) are a common concept for dealing with user rights. The idea is that you do not set permissions for every single user but that you can define groups (or roles) with specific rights and add the users to a certain group (or role). This makes controlling and updating permissions much easier. +
- +
-Since version 1.5 you can define workspace permissions as well as system permissions for a group. A group's permissions will apply to all of its users. Permissions are cumulative, meaning that a user will have all permissions defined in all of his groups plus his own permissions, or put in other words, if it has a permission set in at least one of his groups or his own permissions, he will have that permission. +
- +
-{{:groups1.jpg|}}+
  
 ===== Company level permissions (discontinued) ===== ===== Company level permissions (discontinued) =====
  
-  Company permissions are ignored in Feng Office 1.5.x, so you can skip this section if you are using that version.+Company permissions are ignored in Feng Office 1.5.x, so you can skip this section if you are using that version.
  
 {{:company_permissions.jpg|}} {{:company_permissions.jpg|}}
Line 68: Line 18:
 ===== Contacts permission anomaly ===== ===== Contacts permission anomaly =====
  
-  This section is only important if you are using an Feng Office version older than 1.5.+This section is only important if you are using an Feng Office version older than 1.5.
  
 In Feng Office 1.5 the "Can manage contacts" permission has been renamed to "Can manage all contacts". This permission gives you rights on all Contacts in the system, disregarding on which Workspace they lie. If a user doesn't have the "Can manage all contacts" permission set, Contacts will behave like any other Content Object for him, so he will only be able to see Contacts assigned to Workspaces on which he can "read" Contacts. In Feng Office 1.5 the "Can manage contacts" permission has been renamed to "Can manage all contacts". This permission gives you rights on all Contacts in the system, disregarding on which Workspace they lie. If a user doesn't have the "Can manage all contacts" permission set, Contacts will behave like any other Content Object for him, so he will only be able to see Contacts assigned to Workspaces on which he can "read" Contacts.
  
 On older versions however, [[contacts]] do not act the same way as all other content objects regarding permissions. If a user has permissions to manage contacts, he can access //all// contacts if he clicks ''All'' in the workspace selector - not only the contacts of the workspaces he has permissions for. In other words: Assigning contacts to a workspace does not affect its visibility for other users but is only a way to organise contacts. On older versions however, [[contacts]] do not act the same way as all other content objects regarding permissions. If a user has permissions to manage contacts, he can access //all// contacts if he clicks ''All'' in the workspace selector - not only the contacts of the workspaces he has permissions for. In other words: Assigning contacts to a workspace does not affect its visibility for other users but is only a way to organise contacts.